| Content: As computers are used widely, it is a trend to use it for processing information, which covers confidential military, government, economy and personal data. Techniques of computer security, which involve cryptography, Authentication, access control, intrution detection, are attracting more attention. As an infrastructure of the information security, PKI is a hot topic in the research field of computer security.This paper focuses on studying and analyzing some key techniques of Public Key Infrastructure. All the research result will lay the foundation of development and deployment of a PKI. Five parts are contained in this paper, which listed below:Firstly, after a brief description of components, characteristic and functions of a PKI, a deep study on PKI architectures and trust models are made, and a comparation of the advantages or disadvantages of each model is given. The seven cross certification models of PKI and a principle of the cross models method are summarised. A representative design of a cross certification model based on the bridge is given, which is called China Bridge CA (CNBCA). All above work will be a guide to make a choice of the four trust models when we are preparing for deployment a real PKI system.Secondly, a deep study on the certificate mechanism of PKI is made. It indicates the advantages of the dual certificate mechanism. The TLS protocol with the dual certificate mechanism is rebuilt. At the end of this part, an improved TLS protocol, ETLS, which is based on the attribute certificate, dual certificate and Cookie, is proposed.Thirdly, the issuing mechanism of certificate status based on CRL is discussed in detail. Contraposed with the traditional CRL issuing mechanism, an improved CRL issuing algorithm is brought forward, and the performance is analysed. An evaluation method of the network load along with the CRL searching is brought forward, which is the guide of the solution of the issusing of certificate status in a real PKI.Fouthly, the combination of PKI and Biometrics is discussed in detail. After a brief intrudution of Biometrics, a frame of a PKI system based on the biometric, which is called BPKI, is brought out to bridge the gap between authentication and the end-user in PKI applications. Finally, we make some conclusion and outline future directions based on the BPKI system.Fifthly, the hot topic, the new direction of PKI, which is called WPKI, is discussed in detail. A kind of WPKI mini-certificate format is brought out and applied in the WSCA of the WPKI system. We have got some experiment data through the WSCA's testing. The research results of this technique will be a guide to the WPKI research directions in the future.Lastly, the contents of the paper are summarized and the future works to do are proposed.
|
PDF Full Text Request